Tls 1.2 Not Working in Curl

curl with TLSv1.2 works on client but not on server

I checked the server by https://www.ssllabs.com/ssltest/ and ist says that the certificate is valid and that the server supports TLS 1.2, 1.1 and also 1.0.

You could also try to add --no-check-certificate within your curl-request.

I also tried the -k option with curl (I think --no-check-certificate cannot be used with curl but with wget) with the same result. In the apache log I can see nothing; I think because the connection tries to come in by SSL.

With openssl s_client -debug server.foobar.net:443/owncloud/remote.php/carddav/addressbooks/foobar/kontakte/ I get this:

140093535233696:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 295 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

EDIT: Now I got it! In the /etc/hosts of my server there was a wrong configuration.

PHP cURL: enforce low TLS version

To answer my own question, documentation at https://www.php.net/function.curl-setopt is/was outdated. cURL 7.54 changed behavior of CURL_SSLVERSION_ macros, these set now the minimum acceptable TLS version for the connection. It also introduced CURL_SSLVERSION_MAX_ macros, which set the maximum TLS version tried. Until PHP documentation is updated, see https://curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html.

Accordingly, limiting the connection to TLS v1.1 works like this:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.paypal.com/v1/oauth2/token');
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_MAX_TLSv1_1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);

Related Topics